On 24 Aug 2011, at 20:13, Jim Jagielski wrote: >> Another option is just to return 200. Servers MAY ignore the Range header. I >> prefer this because existing clients already handle that case well, and >> there's no opportunity for a client to exploit this (“malicious” clients >> that want the whole entity need only request it). >> >> Can anyone see why returning 200 for these complex requests (by ignoring >> Range / If-Range) is a bad idea? > > In what cases would we ignore it? Dependent only on >=X ranges?
I don't have any strong opinion about exactly when to ignore Range. From an HTTP client PoV I wouldn't want to get 416 from requesting a satisfiable but complex range (maliciously or otherwise). Ignoring Range on (ranges >= X) is simple to implement and easy to document, so why not do that? -- Tim Bannister – is...@jellybaby.net
